VMware Hosted Products USB Service Local Privilege Escalation Vulnerability

Bugtraq ID:	39397
Class:	Design Error
CVE:	CVE-2010-1140
Remote:	No
Local:	Yes
Published:	Apr 09 2010 12:00AM
Updated:	Oct 01 2012 07:10PM
Credit:	Thierry Zoller
Vulnerable:	VMWare Workstation 7.0 VMWare Player 3.0 Gentoo Linux
Not Vulnerable:

VMware Hosted Products USB Service Local Privilege Escalation Vulnerability

Multiple VMware products are prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with elevated privileges; this may aid in other attacks. This issue only affects Windows host operating systems.

NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it.

VMware Hosted Products USB Service Local Privilege Escalation Vulnerability

An attacker requires local interactive access to a guest operating system to exploit this issue.

VMware Hosted Products USB Service Local Privilege Escalation Vulnerability

Solution:
The vendor has released an advisory and patches. Please see the references for more information.

VMware Hosted Products USB Service Local Privilege Escalation Vulnerability

References:

• VMware Homepage (VMware)